The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ubuntu

computer vulnerability note CVE-2018-1000880

libarchive: infinite loop via _warc_read

Synthesis of the vulnerability

Impacted products: Debian, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 28/12/2018.
Identifiers: CVE-2018-1000880, DSA-4360-1, USN-3859-1, VIGILANCE-VUL-28119.

Description of the vulnerability

An attacker can trigger an infinite loop via _warc_read() of libarchive, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2018-19364

QEMU: use after free via v9fs_path_copy

Synthesis of the vulnerability

Impacted products: QEMU, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/11/2018.
Identifiers: CVE-2018-19364, USN-3826-1, VIGILANCE-VUL-27833.

Description of the vulnerability

An attacker, inside a guest system, can force the usage of a freed memory area via v9fs_path_copy() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability 27815

Firefox: denial of service

Synthesis of the vulnerability

Impacted products: Fedora, Firefox, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: 1498510, FEDORA-2018-7653b2c491, FEDORA-2018-b07a7b4ae1, USN-3801-1, USN-3801-2, VIGILANCE-VUL-27815.

Description of the vulnerability

An attacker can generate a fatal error of Firefox, in order to trigger a denial of service.

vulnerability note CVE-2018-19058

Poppler: assertion error via Object.h

Synthesis of the vulnerability

Impacted products: Fedora, Ubuntu, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: CVE-2018-19058, FEDORA-2018-12b934e224, FEDORA-2018-54ed26a423, FEDORA-2018-679f8aba03, FEDORA-2018-e805688895, USN-3837-1, USN-3837-2, VIGILANCE-VUL-27814.

Description of the vulnerability

An attacker can force an assertion error via Object.h of Poppler, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-19059

Poppler: out-of-bounds memory reading via EmbFile::save2

Synthesis of the vulnerability

Impacted products: Fedora, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: CVE-2018-19059, FEDORA-2018-12b934e224, FEDORA-2018-54ed26a423, FEDORA-2018-679f8aba03, FEDORA-2018-e805688895, USN-3837-1, USN-3837-2, VIGILANCE-VUL-27813.

Description of the vulnerability

An attacker can force a read at an invalid address via EmbFile::save2() of Poppler, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability announcement CVE-2018-19060

Poppler: NULL pointer dereference via goo/GooString.h

Synthesis of the vulnerability

Impacted products: Fedora, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 19/11/2018.
Identifiers: CVE-2018-19060, FEDORA-2018-12b934e224, FEDORA-2018-54ed26a423, FEDORA-2018-679f8aba03, FEDORA-2018-e805688895, USN-3837-1, USN-3837-2, VIGILANCE-VUL-27812.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via goo/GooString.h of Poppler, in order to trigger a denial of service.

vulnerability alert CVE-2018-18955

Linux kernel: privilege escalation via User Namespace map_write

Synthesis of the vulnerability

Impacted products: Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading, data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 14/11/2018.
Identifiers: 1712, 1798863, CERTFR-2018-AVI-581, CERTFR-2018-AVI-583, CVE-2018-18955, USN-3832-1, USN-3833-1, USN-3835-1, USN-3836-1, USN-3836-2, VIGILANCE-VUL-27781.

Description of the vulnerability

An attacker can bypass restrictions via User Namespace map_write() of the Linux kernel, in order to escalate their privileges.

vulnerability bulletin CVE-2018-6954

systemd: privilege escalation via tmpfiles

Synthesis of the vulnerability

Impacted products: SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 13/11/2018.
Identifiers: CVE-2018-6954, SUSE-SU-2019:0137-1, USN-3816-1, USN-3816-2, USN-3816-3, VIGILANCE-VUL-27763.

Description of the vulnerability

An attacker can bypass restrictions via tmpfiles of systemd, in order to escalate their privileges.

vulnerability announcement CVE-2018-15687

systemd: privilege escalation via chown_one

Synthesis of the vulnerability

Impacted products: Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 13/11/2018.
Identifiers: CVE-2018-15687, USN-3816-1, USN-3816-2, USN-3816-3, VIGILANCE-VUL-27762.

Description of the vulnerability

An attacker can bypass restrictions via chown_one() of systemd, in order to escalate their privileges.

vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, cpujan2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.

Description of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the key in use.